Skip to main content

vast limits GmbH and uberAgent are now part of Citrix, a business unit of Cloud Software Group. Learn more at

This documentation does not apply to the most recent version of uberAgent. Click here for the latest version.

Multi-Tenancy With Splunk

If you are a service provider, it is not necessary to set up a dedicated Splunk server for every customer. Splunk fully supports multi-tenancy and uberAgent does, too. This article describes how to configure it.


Splunk stores data in indexes. Regarding multi-tenancy, the important thing is that you can set permissions per index.

Setting up a multi-tenant Splunk & uberAgent installation is simple. We are going to follow the concept outlined in the Splunk blog.


Actually, all you have to do is described very well in the Splunk blog article mentioned earlier. Here is a summary:

  • Create a unique index per customer. Please note that all uberAgent indexes should start with a common prefix (e.g. uberagent) so that they can be searched with a single wildcard statement (e.g. uberagent*). Valid names would be uberagent-customer1 and uberagent-customer2.
  • To set up custom index names follow the instructions in this article.
  • Configure users according to the Splunk blogs article.


If you have configured this, you have a setup where Splunk administrators can search everything while individual customer admins can only search their own data.


Your email address will not be published. Required fields are marked *